Soumettre #779181: elecV2 <=3.8.3 SSRFinformation

TitreelecV2 <=3.8.3 SSRF
DescriptionThe /mock endpoint accepts a request object and passes it directly to eAxios() without authentication or URL validation. With type: "req", the server fetches any attacker-supplied URL, enabling internal network scanning and data exfiltration. Confirmed via DNS callback.
La source⚠️ https://github.com/elecV2/elecV2P/issues/202
Utilisateur
 ZAST.AI (UID 87884)
Soumission13/03/2026 05:31 (il y a 17 jours)
Modérer27/03/2026 15:12 (14 days later)
StatutAccepté
Entrée VulDB353901 [elecV2 elecV2P jusqu’à 3.8.3 URL /mock eAxios req élévation de privilèges]
Points17

PrécédentAperçuSuivant

Want to know what is going to be exploited?

We predict KEV entries!